Symantec to give software a security reputation

This site may earn affiliate commissions from the links on this page. Terms of use.

Symantec is set to better use its large customer base in a new reputation-based system for deciding whether software applications are safe or not.

The idea behind a reputation works as follows. When a new software application is found on a user’s machine Symantec look at the rest of the machines it knows about on its database. It then looks to see how many of those machines already have the software and the reputation of that machine.

Symantec is putting user’s machines into three distinct groups, which it formulates based on the number of infections a machine has had. It also takes into account what software they download and where they download it from. The three groups are:

Ultra-safe

Adventurous

Completely unsafe

So, using this system you can accurately determine that an application installed on the majority of the ultra-safe machines is safe, where as software appearing on completely unsafe machines, and nowhere else, should be handled with caution.

Reputation-based security is the latest and greatest technology in malware detection … When seeking good food, we’ll most likely go to the restaurant with the most customers. That’s an example of a reputation-based choice in selecting a restaurant … You just look at the behaviour of people and make a decision based on that behaviour. We can do the same with programs.

There is no release date for when the reputation system will be added to the Norton line of products, but Basant believes it won’t be too long because testing has shown it to work very well.

Matthew’s Opinion
Although this reputation system amounts to a best guess, the data it is relying on from millions of customers makes it a very good guess. On it’s own it wouldn’t be an adequate solution, but when paired with an existing anti-virus solution it should form a great compliment.

Because the reputation is based on real-world usage it should hopefully cut down on the amount of scanning required too. So, if a piece of software is classed as ultra-safe because of where it is downloaded from and all the other ultra-safe users using it, there should be no need to scan the downloaded file. The only time that becomes a risk is if the safe site has been compromised.

I expect we will see this either introduced to the 2009 products, or it may form a big feature of the 2010 products released around October next year. I’d be surprised if Symantec waited that long to introduce it though.